Univention Bugzilla – Full Text Bug Listing |
Summary: | linux: Multiple security issues (3.2) | ||
---|---|---|---|
Product: | UCS | Reporter: | Moritz Muehlenhoff <jmm> |
Component: | Security updates | Assignee: | Moritz Muehlenhoff <jmm> |
Status: | CLOSED FIXED | QA Contact: | Janek Walkenhorst <walkenhorst> |
Severity: | normal | ||
Priority: | P2 | ||
Version: | UCS 3.2 | ||
Target Milestone: | UCS 3.2-2-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
Description
Moritz Muehlenhoff
2014-05-06 15:27:30 CEST
- Out of bounds read in BPF filters (CVE-2014-3144, CVE-2014-3145)
- Local denial of service in memory management (CVE-2014-3122)
- Insufficient access checks on netlink sockets (CVE-2014-0181)
- Insufficient access checks on ping sockets (CVE-2014-2851)
- Denial of service in KVM (CVE-2014-0155) (Only affects UCS 3.2)

The patches have been applied and I've verified that they are effective. All tests went fine. The meta package has been updated to install the new kernel.

Errata:

- 2014-06-05-univention-kernel-image.yaml
- 2014-06-05-linux.yaml

We'll fix these later.

- Missing check during hugepage migration (CVE-2014-3940)
- Denial of service in audit system (CVE-2014-3917)
- Incorrect permission checks in inode_capable() (CVE-2014-4014)

These vulnerabilities are open in UCS 3.2 and fixed in Linux 3.10.42:

- Denial of Service in RDS (CVE-2012-2372) (3.10.27)
- Information leaks in hamradio network ioctl (CVE-2014-1446) (3.10.27)
- Local denial of service in fpu handling (CVE-2014-1438) (3.10.27)
- Information leak in the Netfilter connection tracker for IRC (CVE-2014-1690) (3.10.27)
- Buffer overflow in KVM (CVE-2014-0049) (3.10.33)
- Denial of service in selinux (CVE-2014-1874) (3.10.31)
- Denial of service in CIFS (CVE-2014-0069) (3.10.33)
- IPv6 routing denial of service (CVE-2014-2309) (3.10.37)
- SCTP denial of service (CVE-2014-0101) (3.10.34)
- Local denial of service in rds (CVE-2013-7339) (3.10.27)
- Denial of service in vhost_net (CVE-2014-0055, CVE-2014-0077) (3.10.37)
- Denial of service in RDS (CVE-2014-2678) (3.10.37)
- Denial of service in mac80211 (CVE-2014-2706) (3.10.34)
- Denial of service in the ath9k driver (CVE-2014-2672) (3.10.42)
- Out of bounds read in BPF filters (CVE-2014-3144, CVE-2014-3145) (3.10.41)
- Local denial of service in memory management (CVE-2014-3122) (3.10.39)
- Insufficient access checks on ping sockets (CVE-2014-2851) (3.10.41)
- Denial of service in KVM (CVE-2014-0155) (3.10.40)

These vulnerabilities are still unfixed in 3.10.x:

- Insecure block handling (CVE-2012-4542)
- Information leak in vhost-net zerocopy support (CVE-2014-0131)
- Insufficient access checks on netlink sockets (CVE-2014-0181)
- Information leak in skb_zerocopy (CVE-2014-2568)
- Missing check during hugepage migration (CVE-2014-3940)
- Denial of service in audit system (CVE-2014-3917)
- Incorrect permission checks in inode_capable() (CVE-2014-4014)
- Information leak in ioctl media_enum_entities() (CVE-2014-1739) (normal device permissions should prevent exploitation)

These vulnerabilities are open in UCS 3.2 and fixed in Linux 3.10.44:

- Denial of Service in RDS (CVE-2012-2372) (3.10.27)
- Local denial of service in rds (CVE-2013-7339) (3.10.27)
- Buffer overflow in KVM (CVE-2014-0049) (3.10.33)
- Denial of service in vhost_net (CVE-2014-0055, CVE-2014-0077) (3.10.37)
- Denial of service in CIFS (CVE-2014-0069) (3.10.33)
- SCTP denial of service (CVE-2014-0101) (3.10.34)
- Denial of service in KVM (CVE-2014-0155) (3.10.40)
- Local denial of service in fpu handling (CVE-2014-1438) (3.10.27)
- Information leaks in hamradio network ioctl (CVE-2014-1446) (3.10.27)
- Information leak in the Netfilter connection tracker for IRC (CVE-2014-1690) (3.10.27)
- Information leak in ioctl media_enum_entities() (CVE-2014-1739) (3.10.42)
- Denial of service in selinux (CVE-2014-1874) (3.10.31)
- IPv6 routing denial of service (CVE-2014-2309) (3.10.37)
- Denial of service in the ath9k driver (CVE-2014-2672) (3.10.42)
- Denial of service in RDS (CVE-2014-2678) (3.10.37)
- Denial of service in mac80211 (CVE-2014-2706) (3.10.34)
- Insufficient access checks on ping sockets (CVE-2014-2851) (3.10.41)
- Local denial of service in memory management (CVE-2014-3122) (3.10.39)
- Out of bounds read in BPF filters (CVE-2014-3144, CVE-2014-3145) (3.10.41)
- Denial of service in audit system (CVE-2014-3917) (3.10.44)
- Incorrect permission checks in inode_capable() (CVE-2014-4014) (3.10.44)

These vulnerabilities are still unfixed in 3.10.x:

- Insecure block handling (CVE-2012-4542)
- Information leak in vhost-net zerocopy support (CVE-2014-0131)
- Insufficient access checks on netlink sockets (CVE-2014-0181)
- Information leak in skb_zerocopy (CVE-2014-2568)
- Missing check during hugepage migration (CVE-2014-3940)
- Information leak in rc backend of target SCSI (CVE-2014-4027)
- Integer overflow when processing lz4 compressed kernel images (CVE-2014-4608)
- Various information disclosure, use-after-frees and integer overflows in ALSA user controls (CVE-2014-4656, CVE-2014-4655, CVE-2014-4654, CVE-2014-4653, CVE-2014-4652)
- Denial of service in the audit subsystem (CVE-2014-4508)
- Denial of service in memory management (CVE-2014-4171)
- Information disclosure in aio (CVE-2014-0206)

These vulnerabilities are open in UCS 3.2 and fixed in Linux 3.10.45:

- Denial of Service in RDS (CVE-2012-2372) (3.10.27)
- Local denial of service in rds (CVE-2013-7339) (3.10.27)
- Buffer overflow in KVM (CVE-2014-0049) (3.10.33)
- Denial of service in vhost_net (CVE-2014-0055, CVE-2014-0077) (3.10.37)
- Denial of service in CIFS (CVE-2014-0069) (3.10.33)
- SCTP denial of service (CVE-2014-0101) (3.10.34)
- Denial of service in KVM (CVE-2014-0155) (3.10.40)
- Local denial of service in fpu handling (CVE-2014-1438) (3.10.27)
- Information leaks in hamradio network ioctl (CVE-2014-1446) (3.10.27)
- Information leak in the Netfilter connection tracker for IRC (CVE-2014-1690) (3.10.27)
- Information leak in ioctl media_enum_entities() (CVE-2014-1739) (3.10.42)
- Denial of service in selinux (CVE-2014-1874) (3.10.31)
- IPv6 routing denial of service (CVE-2014-2309) (3.10.37)
- Denial of service in the ath9k driver (CVE-2014-2672) (3.10.42)
- Denial of service in RDS (CVE-2014-2678) (3.10.37)
- Denial of service in mac80211 (CVE-2014-2706) (3.10.34)
- Insufficient access checks on ping sockets (CVE-2014-2851) (3.10.41)
- Local denial of service in memory management (CVE-2014-3122) (3.10.39)
- Out of bounds read in BPF filters (CVE-2014-3144, CVE-2014-3145) (3.10.41)
- Denial of service in audit system (CVE-2014-3917) (3.10.44)
- Incorrect permission checks in inode_capable() (CVE-2014-4014) (3.10.44)
- Insufficient access checks on netlink sockets (CVE-2014-0181)
- Integer overflow when processing lz4 compressed kernel images (CVE-2014-4608)
- Various information disclosure, use-after-frees and integer overflows in ALSA user controls (CVE-2014-4656, CVE-2014-4655, CVE-2014-4654, CVE-2014-4653, CVE-2014-4652)

These vulnerabilities are still unfixed in 3.10.x:

- Insecure block handling (CVE-2012-4542)
- Information leak in vhost-net zerocopy support (CVE-2014-0131)
- Information leak in skb_zerocopy (CVE-2014-2568)
- Missing check during hugepage migration (CVE-2014-3940)
- Information leak in rc backend of target SCSI (CVE-2014-4027)
- Denial of service in the audit subsystem (CVE-2014-4508)
- Denial of service in memory management (CVE-2014-4171)
- Information disclosure in aio (CVE-2014-0206)

CVE-2014-3940 only affects 3.12 and later.

These vulnerabilities are open in UCS 3.2 and fixed in Linux 3.10.45:

- Denial of Service in RDS (CVE-2012-2372) (3.10.27)
- Local denial of service in rds (CVE-2013-7339) (3.10.27)
- Buffer overflow in KVM (CVE-2014-0049) (3.10.33)
- Denial of service in vhost_net (CVE-2014-0055, CVE-2014-0077) (3.10.37)
- Denial of service in CIFS (CVE-2014-0069) (3.10.33)
- SCTP denial of service (CVE-2014-0101) (3.10.34)
- Denial of service in KVM (CVE-2014-0155) (3.10.40)
- Local denial of service in fpu handling (CVE-2014-1438) (3.10.27)
- Information leaks in hamradio network ioctl (CVE-2014-1446) (3.10.27)
- Information leak in the Netfilter connection tracker for IRC (CVE-2014-1690) (3.10.27)
- Information leak in ioctl media_enum_entities() (CVE-2014-1739) (3.10.42)
- Denial of service in selinux (CVE-2014-1874) (3.10.31)
- IPv6 routing denial of service (CVE-2014-2309) (3.10.37)
- Denial of service in the ath9k driver (CVE-2014-2672) (3.10.42)
- Denial of service in RDS (CVE-2014-2678) (3.10.37)
- Denial of service in mac80211 (CVE-2014-2706) (3.10.34)
- Insufficient access checks on ping sockets (CVE-2014-2851) (3.10.41)
- Local denial of service in memory management (CVE-2014-3122) (3.10.39)
- Out of bounds read in BPF filters (CVE-2014-3144, CVE-2014-3145) (3.10.41)
- Denial of service in audit system (CVE-2014-3917) (3.10.44)
- Incorrect permission checks in inode_capable() (CVE-2014-4014) (3.10.44)
- Insufficient access checks on netlink sockets (CVE-2014-0181)
- Integer overflow when processing lz4 compressed kernel images (CVE-2014-4608)
- Various information disclosure, use-after-frees and integer overflows in ALSA user controls (CVE-2014-4656, CVE-2014-4655, CVE-2014-4654, CVE-2014-4653, CVE-2014-4652)
- Information leak in rc backend of target SCSI (CVE-2014-4027) (3.10.46)
- Denial of service in the audit subsystem (CVE-2014-4508) (3.10.46)
- Information disclosure in aio (CVE-2014-0206) (3.10.46)

These vulnerabilities are still unfixed in 3.10.x:

- Insecure block handling (CVE-2012-4542)
- Information leak in vhost-net zerocopy support (CVE-2014-0131)
- Information leak in skb_zerocopy (CVE-2014-2568)
- Denial of service in memory management (CVE-2014-4171)

(In reply to Moritz Muehlenhoff from comment #13)
>> These vulnerabilities are still unfixed in 3.10.x:

Bug 35226 has been created for these.

The kernel package has been updated to 3.10.46 and the meta package has been updated to the new release. Tests on hardware with i386 and amd64 were successful.

YAML files:

- 2014-07-01-linux.yaml
- 2014-07-01-univention-kernel-image.yaml

New issue, which needs to be added to the upcoming update, reopening:

Missing input validation in the ptrace syscall allows privilege escalation (CVE-2014-4699) (This is limited to amd64)

(In reply to Moritz Muehlenhoff from comment #16)
> New issue, which needs to be added to the upcoming update, reopening:
>
> Missing input validation in the ptrace syscall allows privilege escalation
> (CVE-2014-4699) (This is limited to amd64)

A patch for this has been merged, built and tested. YAML files have been amended.

Tests (amd64, amd64kvm, i386kvm): OK

Advisories: OK